Introduction
Recently, my company merged two locations into one, and we also needed to merge some Active Directory groups. I wrote a console command in C# to move users from old groups to another group using the System.DirectoryServices.AccountManagement namespace classes.
Using the Code
There are only two classes, the Program class and the CopyADGroup class. The CopyADGroup class has the CopyFromTo method, which takes three parameters:
- the group whose users are being copied
- the group being copied to, and
- the domain name
These parameters will be supplied at the command line in that order.
Command-line example:
CopyADGroup oldgroup newgroup yourdomain.com

using System;

namespace CopyADGroup
{
    class Program
    {
        static void Main(string[] args)
        {
            // Expect exactly three arguments: source group, target group, domain name.
            if (args.Length != 3)
            {
                Console.WriteLine("Must enter three parameters for this command. " +
                    "The group whose members you want to copy, the group to which you want " +
                    "to copy those members, and domain name for the groups.");
            }
            else
            {
                // CopyADGroup is the class that defines CopyFromTo.
                CopyADGroup Copying = new CopyADGroup();
                Copying.CopyFromTo(args[0], args[1], args[2]);
            }
        }
    }
}

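using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;

namespace CopyADGroup
{
    public class CopyADGroup
    {
        public void CopyFromTo
            (string CopiedGroup, string CopiedToGroup, string DomainName)
        {
            try
            {
                // Bind to the named domain; see Points of Interest for why it is passed explicitly.
                using (PrincipalContext PC =
                    new PrincipalContext(ContextType.Domain, DomainName))
                {
                    using (GroupPrincipal FirstGroup = GroupPrincipal.FindByIdentity
                        (PC, IdentityType.SamAccountName, CopiedGroup))
                    {
                        // FindByIdentity returns null when the group does not exist.
                        if (FirstGroup == null)
                        {
                            Console.WriteLine("Error: group '" + CopiedGroup + "' was not found.");
                            return;
                        }

                        // true = recursive: members of nested groups are returned, not the groups.
                        var FirstGroupMembers = FirstGroup.GetMembers(true);
                        using (GroupPrincipal SecondGroup =
                            GroupPrincipal.FindByIdentity
                            (PC, IdentityType.SamAccountName, CopiedToGroup))
                        {
                            if (SecondGroup == null)
                            {
                                Console.WriteLine("Error: group '" + CopiedToGroup + "' was not found.");
                                return;
                            }

                            foreach (Principal User in FirstGroupMembers)
                            {
                                string UserName;
                                // Skip principals that are already in the target group.
                                if (!User.IsMemberOf(SecondGroup))
                                {
                                    UserName = User.SamAccountName;
                                    SecondGroup.Members.Add
                                        (PC, IdentityType.SamAccountName, UserName);
                                    // Commit each addition to the directory as it is made.
                                    SecondGroup.Save();
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception Ex)
            {
                Console.WriteLine("Error: " +
                    Ex.Message + " " + Ex.StackTrace);
            }
        }
    }
}
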
Points of Interest
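Note that if the old group has a group as a member, the users in that member group are copied to the second group, instead of the member group itself. This is because GetMembers(true) enumerates members recursively and returns only the leaf members, not the nested groups.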
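Because nested groups are flattened into direct memberships, it is worth reviewing exactly which accounts a copy would add before running it against a group that grants access. The following read-only preview is an added example, not part of the original article's code; the class name CopyPreview and its Print method are hypothetical, and it takes the same three arguments as CopyFromTo.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;

namespace CopyADGroup
{
    // Added example; CopyPreview and Print are hypothetical names, not from the article.
    public static class CopyPreview
    {
        // Read-only: lists what CopyFromTo would add, without calling Save().
        public static void Print(string copiedGroup, string copiedToGroup, string domainName)
        {
            using (var pc = new PrincipalContext(ContextType.Domain, domainName))
            using (var source = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, copiedGroup))
            using (var target = GroupPrincipal.FindByIdentity(pc, IdentityType.SamAccountName, copiedToGroup))
            {
                if (source == null || target == null)
                {
                    Console.WriteLine("Source or target group not found; nothing to preview.");
                    return;
                }

                // Direct members only (no recursion), materialised once.
                List<Principal> directMembers = source.GetMembers(false).ToList();

                // Nested groups are not copied as groups; their members are copied instead.
                foreach (Principal g in directMembers.Where(p => p is GroupPrincipal))
                    Console.WriteLine("NESTED GROUP (members will be flattened): " + g.SamAccountName);

                var directNames = new HashSet<string>(
                    directMembers.Where(p => !(p is GroupPrincipal)).Select(p => p.SamAccountName),
                    StringComparer.OrdinalIgnoreCase);

                // Same recursive enumeration that CopyFromTo uses.
                foreach (Principal p in source.GetMembers(true))
                {
                    if (p.IsMemberOf(target)) continue; // already a member, nothing to add
                    string origin = directNames.Contains(p.SamAccountName) ? "direct" : "via nested group";
                    Console.WriteLine("WOULD ADD: {0} [{1}] ({2})",
                        p.SamAccountName, p.StructuralObjectClass, origin);
                }
            }
        }
    }
}
```

Entries marked "via nested group" are the ones that gain a direct membership they did not hold before, and the object class column shows whether any of them are computer accounts rather than users.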
The PrincipalContext object includes the domain name to avoid an error I was getting when I only included ContextType.Domain as a parameter:
System.DirectoryServices.AccountManagement.PrincipalOperationException] =
{"Unknown error (0x80005000)"}
History
- 20th January, 2014: Initial version